Comment 17 for bug 691590

Phillip Susi (psusi) wrote : Re: libvirt should not take ownership of ISO images

This really feels like a serious security bug. The whole point of running qemu as non root is to prevent it from accessing files that you haven't given it permission to. By blindly chowning files to the qemu user, you allow for the user who is given permission to run virtual machines to start one with direct access to your /boot partition and hack the host system.

Even if you do wish to bypass permissions and allow the vm access to whatever file a vm admin has configured it to (under the assumption that they are trusted as if root), you don't do that with the sledge hammer of chowning the file; you open the file while still root, and pass the open file descriptor to qemu.

Really, it should assume the identity of the user who is requesting that the vm be started and open the file as them rather than root, thus restricting access only to the files that user has access to, but that may be considered a separate issue.

For now I will focus on at least getting rid of the bad behavior of permanently chowning files.
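The alternative the comment describes, opening the image in the privileged launcher and handing only the open descriptor to the unprivileged guest process, is shown below as an added example; it is not libvirt or qemu code. The program creates a constructed sample file standing in for an ISO image, opens it read-only in the parent, passes the descriptor over a UNIX socketpair with SCM_RIGHTS to a forked child, and has the child read the content back through that descriptor alone. It then checks that the file's owner, group and mode are exactly as they were before, which is the property a chown-based approach destroys. The function names (`send_fd`, `recv_fd`, `open_and_pass`, `run_demo_matches`) and the `/tmp/fdpass-XXXXXX` path are this example's own; it runs as an ordinary user, so the point in the child where a real launcher would switch to the qemu uid is marked by a comment rather than a `setuid` call.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send one open descriptor over a UNIX-domain socket (SCM_RIGHTS). */
static int send_fd(int sock, int fd) {
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    memset(cbuf, 0, sizeof cbuf);
    struct msghdr msg = { 0 };
    msg.msg_iov = &iov;         msg.msg_iovlen = 1;
    msg.msg_control = cbuf;     msg.msg_controllen = sizeof cbuf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET; cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor sent by send_fd(); returns the new fd or -1. */
static int recv_fd(int sock) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { 0 };
    msg.msg_iov = &iov;         msg.msg_iovlen = 1;
    msg.msg_control = cbuf;     msg.msg_controllen = sizeof cbuf;
    if (recvmsg(sock, &msg, 0) <= 0) return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Parent ("privileged launcher") opens path; child ("guest process") only
 * ever sees the descriptor, never the path. Child's read-back is returned
 * in out; returns bytes received or -1. */
int open_and_pass(const char *path, char *out, size_t outlen) {
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) { close(fd); return -1; }
    pid_t pid = fork();
    if (pid < 0) { close(fd); close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {
        close(sv[0]);
        /* A real launcher would setgid()/setuid() to the qemu user here;
         * the inherited socket and the received fd survive that switch. */
        int img = recv_fd(sv[1]);
        if (img < 0) _exit(1);
        char buf[256];
        ssize_t n;
        while ((n = read(img, buf, sizeof buf)) > 0)
            if (write(sv[1], buf, (size_t)n) != n) _exit(1);
        _exit(0);
    }
    close(sv[1]);
    int rc = send_fd(sv[0], fd);
    close(fd);                       /* parent keeps no copy of its own */
    size_t total = 0;
    ssize_t n;
    while (rc == 0 && total < outlen - 1 &&
           (n = read(sv[0], out + total, outlen - 1 - total)) > 0)
        total += (size_t)n;
    out[total] = '\0';
    close(sv[0]);
    int status;
    waitpid(pid, &status, 0);
    if (rc != 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return (int)total;
}

/* Runs the whole demonstration on a constructed sample file and returns 1
 * when the child read the exact content and the file's owner/mode are
 * untouched afterwards, else 0. */
int run_demo_matches(void) {
    const char *payload = "constructed ISO payload\n";   /* stands in for a real .iso */
    char path[] = "/tmp/fdpass-XXXXXX";                   /* example's own temp path */
    int tfd = mkstemp(path);
    if (tfd < 0) return 0;
    size_t len = strlen(payload);
    int ok = write(tfd, payload, len) == (ssize_t)len;
    close(tfd);
    struct stat before, after;
    ok = ok && stat(path, &before) == 0;
    char got[256];
    ok = ok && open_and_pass(path, got, sizeof got) == (int)len && strcmp(got, payload) == 0;
    ok = ok && stat(path, &after) == 0 && before.st_uid == after.st_uid &&
         before.st_gid == after.st_gid && before.st_mode == after.st_mode;
    unlink(path);
    return ok;
}

int main(void) {
    printf("fd passing keeps ownership intact: %s\n", run_demo_matches() ? "yes" : "no");
    return 0;
}
```

Because the child never receives the path, it cannot re-open the file with different flags, and because nothing is chowned, the image stays accessible only to whoever could read it before the VM started.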